July 30, 2010
Network Toaster
SQL Security Forums
Note: SQLSecurity.com does not allow nor require registration due to privacy concerns for users. SQLSecurity.com is open and anonymous for all. Please report any abuse or profanity.
Subject: SQL Server and IIS on Same Server - Advice
Dave (guest)

08/14/2006 7:33 AM
I have a third-party application that requires IIS. The application will only be accessed internally by employees. What are the risks of combining IIS and SQL Server on the same server?

Thanks, Dave
mulhall (guest)

08/18/2006 12:56 AM
It's not necessarily a problem.

Basically the main issue is of compromise - what are you opening yourself up to?

If someone is able to root your server via IIS, they'll have access to SQL; what that gives them access to is down to the way SQL has been set up. The same is true vice versa.
Look at your setup and data sensitivity and decide whether this is an issue.

Check here to secure your IIS configuration: http://www.microsoft.com/technet/security/prodtech/IIS.mspx

And apply all the principles you find on this website to your SQL set up.

Depending on who needs access to IIS (everyone, a team, or just the app server?), you can use firewalls or IPSEC to control access to the box.
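
The firewall approach suggested in the reply above, sketched for a combined IIS and SQL Server box as an added example that is not part of the original thread. It assumes a Windows Server version with the NetSecurity cmdlets, an elevated session, default SQL Server ports, and an application that connects to SQL Server locally; the subnet and rule names are placeholders.

```powershell
# Added example: host firewall scoping for a server running IIS and SQL Server.
# All values below are assumptions; replace them with your own.
$InternalSubnets = @('10.20.0.0/16')   # placeholder employee network range
$WebPorts        = @(80, 443)          # IIS bindings used by the application
$SqlTcpPorts     = @(1433)             # default SQL Server instance port
$SqlUdpPorts     = @(1434)             # SQL Server Browser service

# 1. IIS: allow inbound only from the internal ranges rather than from Any.
New-NetFirewallRule -DisplayName 'App - IIS from internal subnets' `
    -Direction Inbound -Protocol TCP -LocalPort $WebPorts `
    -RemoteAddress $InternalSubnets -Action Allow | Out-Null

# 2. SQL Server: the application is local, so no remote host needs these ports.
#    An explicit Block rule takes precedence over any Allow rule left behind
#    by an installer or an earlier administrator.
New-NetFirewallRule -DisplayName 'App - block remote SQL (TCP)' `
    -Direction Inbound -Protocol TCP -LocalPort $SqlTcpPorts `
    -RemoteAddress Any -Action Block | Out-Null
New-NetFirewallRule -DisplayName 'App - block remote SQL Browser (UDP)' `
    -Direction Inbound -Protocol UDP -LocalPort $SqlUdpPorts `
    -RemoteAddress Any -Action Block | Out-Null

# 3. Audit: list enabled inbound Allow rules that still expose the web or SQL
#    ports to any remote address, so they can be scoped or removed.
#    (Rules defined with port ranges are not matched by this simple check.)
$Watched = ($WebPorts + $SqlTcpPorts) | ForEach-Object { "$_" }
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True |
    ForEach-Object {
        $ports = ($_ | Get-NetFirewallPortFilter).LocalPort
        $addrs = ($_ | Get-NetFirewallAddressFilter).RemoteAddress
        $hit   = @($ports | Where-Object { $Watched -contains $_ })
        if ($hit.Count -gt 0 -and $addrs -contains 'Any') {
            [pscustomobject]@{
                Rule   = $_.DisplayName
                Ports  = $hit -join ','
                Remote = 'Any'
            }
        }
    }

# 4. Show which local addresses SQL Server is actually listening on.
Get-NetTCPConnection -State Listen -LocalPort $SqlTcpPorts `
    -ErrorAction SilentlyContinue |
    Select-Object LocalAddress, LocalPort, OwningProcess
```

Any rule reported by step 3 is a candidate for the same subnet scoping as step 1, and a non-loopback listener in step 4 is reachable by anything the firewall lets through.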

Copyright 1999 by Chip Andrews